package com.jdbc.test.service;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import com.jdbc.test.entity.User;
import com.jdbc.test.utils.DBUtils;
import com.mysql.jdbc.Statement;


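public class DoLogin {

	/**
	 * Looks up the user whose NAME and PASSWORD columns both equal the supplied
	 * credentials.
	 *
	 * The query is a {@link PreparedStatement} with bound parameters, so the
	 * user-controlled {@code name}/{@code pwd} are sent as data and cannot alter
	 * the SQL. The string-concatenated variant that used to sit here as a
	 * commented-out "injection demo" has been deleted so it cannot be re-enabled
	 * by accident.
	 *
	 * NOTE(review): the password is compared by the database against a stored
	 * column value, and the matched row's PASSWORD column is then copied into the
	 * returned User. That only works if passwords are stored in the clear (or the
	 * caller pre-hashes them) — neither the schema nor the User entity is visible
	 * here, so confirm. The expected fix is to store a salted slow hash
	 * (bcrypt/scrypt/argon2), fetch by NAME only, verify the hash in Java, and not
	 * hand the stored secret back to callers.
	 *
	 * @param name login name entered by the user (untrusted)
	 * @param pwd  password entered by the user (untrusted)
	 * @return the matching User, or {@code null} if either argument is null, no
	 *         row matches, or the lookup fails (the failure is printed, not
	 *         propagated, so callers cannot distinguish "bad credentials" from
	 *         "database unavailable")
	 */
	public User findUser(String name, String pwd) {
		// A null credential can never satisfy NAME=? AND PASSWORD=?; skip the
		// round trip to the database.
		if (name == null || pwd == null) {
			return null;
		}

		Connection conn = null;
		PreparedStatement stmt = null;
		ResultSet rs = null;
		User u = null;
		try {
			conn = DBUtils.getConnection();

			// Bound parameters: name/pwd are never spliced into the SQL text.
			String sql = "SELECT * FROM users WHERE NAME=? AND PASSWORD=?";
			stmt = conn.prepareStatement(sql);
			stmt.setString(1, name);
			stmt.setString(2, pwd);
			rs = stmt.executeQuery();

			// Only the first matching row is used. Columns are read by position
			// (id, name, password, email, birthday); with SELECT * this relies on
			// the table's column order and breaks silently if the schema changes.
			if (rs.next()) {
				u = new User();
				u.setId(rs.getInt(1));
				u.setName(rs.getString(2));
				u.setPassword(rs.getString(3));
				u.setEmail(rs.getString(4));
				u.setBirthday(rs.getDate(5));
			}
		} catch (Exception e) {
			// Deliberately best-effort: any failure (SQLException or a runtime
			// error out of DBUtils) is reported as "no user". The original had a
			// separate SQLException catch doing exactly the same thing.
			e.printStackTrace();
		} finally {
			// DBUtils.closeAll is expected to tolerate nulls for resources that
			// were never opened.
			DBUtils.closeAll(rs, stmt, conn);
		}

		return u;
	}

}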
